Klue says hackers stole credential from 2022 that led to customer data breaches

Market research company Klue has confirmed that a credential dating back to 2022, which was part of a limited pilot, was used by hackers earlier this month to steal reams of data from its corporate customers, including several cybersecurity companies.

The new detail suggests that Klue may have had years to decommission the credential that was used for the pilot, raising questions about the company’s security posture and what actions it could have taken to prevent the breaches of its customers’ data.

The hack at Vancouver-based Klue, which it detected on June 12 and first disclosed last Friday, allowed hackers to steal data from a number of its customers, including password manager maker LastPass and several other cybersecurity companies.

The hackers used their access to Klue’s systems, which store the keys — known as OAuth tokens — to access their customers’ data stored in other clouds and databases, to download that data, and extort the companies.

Klue spokesperson Katie Berg told TechCrunch that the company’s investigation so far indicates that the credential used by the hackers to steal customers’ data “was originally provided to a third-party in 2022, for a limited pilot.”

When asked by TechCrunch, Klue would not explain the purpose of the pilot, how long it ran, or identify the third party that the company gave the credential to. Klue also did not share why the credential wasn’t revoked following the conclusion of the pilot.

Klue did not respond to follow-up emails about the incident before publication. Questions remain about the incident as the company says its investigation is continuing.

Klue hasn’t said what kind of credential was stolen, only stating in a blog post that it was a “legacy credential associated with an integration service.” Klue also would not say whether the credential was an employee’s username and password, for example, or if the company believes the credential was stolen from the third party rather than from its own systems.

These details may be crucial to understanding how the breach was carried out — and how to prevent a repeat incident. Klue’s statement to TechCrunch added that the company is “conducting a comprehensive review of credential management, vendor-access controls, monitoring capabilities, and deployment security processes,” offering no further details.

A hacking group called Icarus took credit for the breach on its data leak site, and has publicly threatened to release the stolen data if its ransom isn’t paid. Klue has not said if it has had contact with the hackers, or if it plans to pay their demands.